Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0Z2gtM2N3di13dnAy

High EPSS: 0.00471% (0.63506 Percentile) EPSS:
Permalink JSON

Directory traversal in rollup-plugin-server

Affected Packages Affected Versions Fixed Versions
npm:rollup-plugin-server
PURL: pkg:npm/rollup-plugin-server
<= 0.7.0 No known fixed version
25 Dependent packages
24 Dependent repositories
183 Downloads last month

Affected Version Ranges

All affected versions

0.6.0, 0.7.0

This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function.

References:

Identifiers

GHSA-34gh-3cwv-wvp2

CVE-2020-7683

Risk

Severity

High

EPSS

EPSS Percentage: 0.00471

EPSS Percentile: 0.63506

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 5 years ago

Updated

almost 3 years ago

API

JSON